Cloud-hosted applications (also referred to herein as “cloud applications”), are proliferating in number and variety. Users can access these cloud applications from within a network (e.g., an enterprise network), which can create certain risks/threats to the network/enterprise. Enterprises sometimes use a cloud application security function to deal with compliance, data security, threat detection and mitigation, etc. The security function may sit between an enterprise network and a cloud provider and enforces security policies for cloud access.